Archive

Category Archives for "Networking"

Complexity and the Thin Waist

In recent years, we have become accustomed to—and often accosted by—the phrase software eats the world. It’s become a mantra in the networking world that software defined is the future. full stop This research paper by Microsoft, however, tells a different story. According to Baumann, hardware is the new software. Or, to put it differently, even as software eats the world, hardware is taking over an ever increasing amount of the functionality software is doing. In showing this point, the paper also points out the complexity problems involved in dissolving the thin waist of an architecture.

The specific example used in the paper is the Intel x86 Instruction Set Architecture (ISA). Many years ago, when I was a “youngster” in the information technology field, there were a number of different processor platforms; the processor wars waged in full. There were, primarily, the x86 platform, by Intel, beginning with the 8086, and its subsequent generations, the 8088, 80286, 80386, then the Pentium, etc. On the other side of the world, there were the RISC based processors, the kind stuffed into Apple products, Cisco routers, and Sun Sparc workstations (like the one that I used daily while in Cisco TAC). The argument Continue reading

ISOC Rough Guide to IETF 99: Internet Infrastructure Resilience

IETF 99 is next week in Prague, and I’d like to take a moment to discuss some of the interesting things happening there related to Internet infrastructure resilience in this installment of the Rough Guide to IETF 99.

Simple solutions sometimes have a huge impact. Like a simple requirement that “routes are neither imported nor exported unless specifically enabled by configuration”, as specified in an Internet draft “Default EBGP Route Propagation Behavior Without Policies”. The draft is submitted to IESG and expected to be published as a Standards Track RFC soon.

Andrei Robachevsky

MIT IoT and wearable project foretells the future of industrial safety

The IoT in the commercial sector might better be called the Internet of Prototypes, the IoP.Few of the components for building the ubiquitous IoT that the future holds are available today. The best way to envision the future is by prototyping. Prototypes of mission-critical or high-ROI applications will tease money out of research budgets to build them. All the prototypes will lead to a greater understanding, and when the cost of the problem matches the development investment  the prototypes will become products. With cost reduction and standardization, products could become generalized extensible platforms.+ Also on Network World: How industrial IoT is making steel production smarter + MIT built a fitting prototype that could, with further development, scale into a platform. A multidisciplinary team from the MIT Design Lab led by MIT Media Lab researcher Guillermo Bernal won best research paper at the Petra Conference last month for the team’s work applying IoT and wearables to industrial safety. The sophisticated and purpose-built prototype at the center of the research makes the paper “Safety++. Designing IoT and Wearable Systems for Industrial Safety through a User-Centered Design Approach” extremely tangible and predictive about how the IoT will unfold.To Continue reading

MIT IoT and wearable project foretells the future of industrial safety

The IoT in the commercial sector might better be called the Internet of Prototypes, the IoP.Few of the components for building the ubiquitous IoT that the future holds are available today. The best way to envision the future is by prototyping. Prototypes of mission-critical or high-ROI applications will tease money out of research budgets to build them. All the prototypes will lead to a greater understanding, and when the cost of the problem matches the development investment  the prototypes will become products. With cost reduction and standardization, products could become generalized extensible platforms.+ Also on Network World: How industrial IoT is making steel production smarter + MIT built a fitting prototype that could, with further development, scale into a platform. A multidisciplinary team from the MIT Design Lab led by MIT Media Lab researcher Guillermo Bernal won best research paper at the Petra Conference last month for the team’s work applying IoT and wearables to industrial safety. The sophisticated and purpose-built prototype at the center of the research makes the paper “Safety++. Designing IoT and Wearable Systems for Industrial Safety through a User-Centered Design Approach” extremely tangible and predictive about how the IoT will unfold.To Continue reading

We created a culture of visionaries. Here’s how you can, too.

We’re both honored and thrilled to announce that Cumulus Networks has been recognized as a “Visionary” in the Gartner Magic Quadrant for Data Center Networking. You can download this highly-anticipated report here, and learn about other major trends in the industry.

So, what’s it mean to be a visionary? According to Gartner, “Visionaries have demonstrated an ability to increase the features in their offerings to provide a unique and differentiated approach to the market. A visionary has innovated in one or more of the key areas of data center infrastructure, such as management (including virtualization), security (including policy enforcement), SDN and operational efficiency, and cost reductions.”

We couldn’t be happier to be recognized, and to us, it means our company vision has paid off. We’ve created a culture of visionaries through inquisitive, innovative and bold leadership, and these same traits are seen in both our philosophy and our technology. As more and more organizations embrace web-scale IT, we expect to keep pushing the technology forward — always striving for a better network.

With 96% of Gartner’s survey respondents finding open networking to be a relevant buying criterion, and with the adoption of white-box switching to reach 22% by 2020, it’s Continue reading

Real-time DDoS mitigation using sFlow and BGP FlowSpec

Remotely Triggered Black Hole (RTBH) Routing describes how native BGP support in the sFlow-RT real-time sFlow analytics engine can be used to blackhole traffic in order to mitigate a distributed denial of service (DDoS) attack. Black hole routing is effective, but there is significant potential for collateral damage since ALL traffic to the IP address targeted by the attack is dropped.

The BGP FlowSpec extension (RFC 5575: Dissemination of Flow Specification Rules) provides a method of transmitting traffic filters that selectively block the attack traffic while allowing normal traffic to pass. BGP FlowSpec support has recently been added to sFlow-RT and this article demonstrates the new capability.

This demonstration uses the test network described in Remotely Triggered Black Hole (RTBH) Routing. The network was constructed using free components: VirtualBox, Cumulus VX, and Ubuntu LinuxBGP FlowSpec on white box switch describes how to implement basic FlowSpec support on Cumulus Linux.

The following flowspec.js sFlow-RT script detects and blocks UDP-Based Amplification attacks:
var router = '10.0.0.141';
var id = '10.0.0.70';
var as = 65141;
var thresh = 1000;
var block_minutes = 1;

setFlow('udp_target',{keys:'ipdestination,udpsourceport',value:'frames'});

setThreshold('attack',{metric:'udp_target', value:thresh, byFlow:true});

bgpAddNeighbor(router,as,id,{flowspec:true});

var Continue reading

48% off Anker 15W Dual USB Solar Charger – Deal Alert

This solar charger from Anker delivers the fastest possible charge up to 2.1 amps under direct sunlight. 15 watt SunPower solar array is provides enough power to charge two devices simultaneously. Industrial-strength PET polymer faced solar panels are sewn into a rugged polyester canvas for weather-resistant outdoor durability. Clip it to your backpack, or attach to your tent or a tree. The charger currently averages 4.3 out of 5 stars from over 340 people on Amazon (read reviews), where its typical list price of $79.99 has been reduced 48% to $41.99. See this deal on Amazon.To read this article in full or to leave a comment, please click here

NEC claims new vector processor speeds data processing 50-fold

It seems more vendors are looking beyond the x86 architecture for the big leaps in performance needed to power things like artificial intelligence (AI) and machine learning. Google and IBM have their processor projects, Nvidia and AMD are positioning their GPUs as an alternative, and now Japan’s NEC has announced a vector processor accelerates that data processing by more than a factor of 50 compared to the Apache Spark cluster-computing framework. + Also on Network World: NVM Express spec updated for data-intensive operations + The company said its vector processor, called the Aurora Vector Engine, leverages “sparse matrix” data structures to accelerate processor performance in executing machine learning tasks. Vector-based computers are basically supercomputers built specifically to handle large scientific and engineering calculations. Cray used to build them in previous decades before shifting to x86 processors. To read this article in full or to leave a comment, please click here

NEC claims new vector processor speeds data processing 50-fold

It seems more vendors are looking beyond the x86 architecture for the big leaps in performance needed to power things like artificial intelligence (AI) and machine learning. Google and IBM have their processor projects, Nvidia and AMD are positioning their GPUs as an alternative, and now Japan’s NEC has announced a vector processor accelerates that data processing by more than a factor of 50 compared to the Apache Spark cluster-computing framework. + Also on Network World: NVM Express spec updated for data-intensive operations + The company said its vector processor, called the Aurora Vector Engine, leverages “sparse matrix” data structures to accelerate processor performance in executing machine learning tasks. Vector-based computers are basically supercomputers built specifically to handle large scientific and engineering calculations. Cray used to build them in previous decades before shifting to x86 processors. To read this article in full or to leave a comment, please click here

High-reliability OCSP stapling and why it matters

High-reliability OCSP stapling and why it matters

At Cloudflare our focus is making the internet faster and more secure. Today we are announcing a new enhancement to our HTTPS service: High-Reliability OCSP stapling. This feature is a step towards enabling an important security feature on the web: certificate revocation checking. Reliable OCSP stapling also improves connection times by up to 30% in some cases. In this post, we’ll explore the importance of certificate revocation checking in HTTPS, the challenges involved in making it reliable, and how we built a robust OCSP stapling service.

Why revocation is hard

Digital certificates are the cornerstone of trust on the web. A digital certificate is like an identification card for a website. It contains identity information including the website’s hostname along with a cryptographic public key. In public key cryptography, each public key has an associated private key. This private key is kept secret by the site owner. For a browser to trust an HTTPS site, the site’s server must provide a certificate that is valid for the site’s hostname and a proof of control of the certificate’s private key. If someone gets access to a certificate’s private key, they can impersonate the site. Private key compromise is a serious risk Continue reading

Encryption is Crucial to a Trusted Internet

The Five Eyes – Canada, the United States, United Kingdom, Australia, and New Zealand – recently met in Ottawa to discuss national security challenges. The resulting joint communiqué noted that “encryption can severely undermine public safety efforts by impeding lawful access to the content of communications during investigations into serious crimes, including terrorism.” The Internet Society believes that this view of encryption is misleading and bodes badly for a trusted Internet. Any weakening of encryption will hurt cybersecurity and individual rights and freedoms.

Mark Buell

Progress update – 10/07-2017

Hello folks,

Im currently going through the INE DC videos and learning a lot about fabrics and how they work along with a fair bit of UCS information on top of that!

Im spending an average of 2.5 hours on weekdays for study and a bit more in the weekends when time permits.

I still have no firm commitment to the CCIE DC track, but at some point I need to commit to it and really get behind it. One of these days ?

I mentioned it to the wife-to-be a couple of days ago and while she didn’t applaud the idea, at least she wasn’t firmly against it, which is always something I guess! Its very important for me to have my family behind me in these endeavours!

Im still a bit concerned about the lack of rack rentals for DCv2 from INE, which is something I need to have in place before I order a bootcamp or more training materials from them. As people know by now, I really do my best learning in front of the “system”, trying out what works and what doesn’t.

Now to spin up a few N9K’s in the lab and play around Continue reading